<?php
	session_start();
	
	if(!isset($_SESSION["maloainguoidung"]))
	{
		header("location:login.php?err=1");	
	}
	
	if(isset($_POST["ten"]))
	{
		$ten = $_POST["ten"];
		$thongtinchitiet = $_POST["thongtinchitiet"];
		$nsx = $_POST["nsx"];
		$loai = $_POST["loai"];
		$gia = $_POST["gia"];
		$xuatxu = $_POST["xuatxu"];
		$ngay = date("Y-m-d");
		if ($_FILES['hinh']['size'] > 0)
		{
			move_uploaded_file($_FILES['hinh']['tmp_name'],"../../../images/upload/".$_FILES['hinh']['name']);
		
			$sql = "INSERT INTO `dt`(`tendt`, `thongtinchitiet`, `manhasanxuat`, `soluottruycap`, `gia`, `hinh`, `ngaynhaphang`, `soluongban`, `xuatxu`, `maloaisanpham`) VALUES ('".$ten."','".$thongtinchitiet."',$nsx,0,$gia,'images/upload/".$_FILES['hinh']['name']."','".$ngay."',0,'".$xuatxu."',$loai)";				
		}
		else
		{
			$sql = "INSERT INTO `dt`(`tendt`, `thongtinchitiet`, `manhasanxuat`, `soluottruycap`, `gia`, `ngaynhaphang`, `soluongban`, `xuatxu`, `maloaisanpham`) VALUES ('".$ten."','".$thongtinchitiet."',$nsx,0,$gia,'".$ngay."',0,'".$xuatxu."',$loai)";	
		}
		
		include"../../../code/DataProvider.php";
		DataProvider::ExecuteQuery($sql);
	}
	header("location:../../index.php?act=2");
?>